Attorney Docket No. 030186 

WHAT IS CLAIMED IS: 

1 . A network security apparatus comprising: 

a billing server configured to calculate security protection consumption during a 
period of time by quantifying damages avoided by one or more blocked attacks. 

2. The apparatus of claim 1, wherein calculating security protection consumption 
further includes determining whether a blocked attack would have exploited a network 
vulnerability. 

3. The apparatus of claim 2, wherein determination if a blocked attack would have 
exploited network vulnerability is determined by replaying the attack on the internal 
network. 

4. The apparatus of claim 1, further comprising a scanner configured to scan one or 
more devices for vulnerabilities. 

5. The apparatus of claim 4, wherein the scanner is configured to quantify the risk of 
one or more devices. 

6. The apparatus of claim 4, wherein the scanner is located within a customer 
network. 
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7. The apparatus of clam 1 , farther comprising an intrusion suppression module 
configured to block attacks. 

8. The apparatus of claim 7, wherein the intrusion suppression module is configured 
to maintain a list of attacks sustained and blocked during a period of time. 

9. The apparatus of claim 7, wherein the intrusion suppression module is located 
outside a customer network. 

10. A network security method comprised of: 

quantifying damages avoided by one or more blocked attacks; and 
calculating security protection consumption during a period of time. 

1 1 . The method of claim 1 0, farther comprised of determining whether a blocked 
attack would have exploited network vulnerability. 

12. The method of claim 10, farther comprised of scanning one or more devices for 
vulnerabilities. 

13. The method of claim 12, further comprised of quantifying the risk of one or more 
devices. 
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1 4. The method claim 1 , further comprised of the blocking one or more attacks. 

15. The method of claim 14, further comprised of the maintaining of a list of attacks 
sustained and blocked during a period of time. 

16. A network security apparatus comprised of: 

means for quantifying damages avoided by one or more blocked attacks; and 
means for calculating security protection consumption during a period of time. 

1 7. The apparatus of claim 16, further comprised of the means for determining 
whether a blocked attack would have exploited network vulnerability. 

1 8. The apparatus of claim 1 6, further comprised of the means for scanning one or 
more devices for vulnerabilities. 

19. The apparatus of claim 1 8, further comprised of the means for quantifying the risk 
of one or more devices. 

20. The apparatus claim 16, further comprised of the means for blocking one or more 
attacks. 
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21 . The apparatus of claim 20, further comprised of the means for maintaining a list 
of attacks sustained and blocked during a period of time. 

22. A computer program stored on a computer-readable medium, the program 
comprising instructions for: 

quantifying damages avoided by one or more blocked attacks; and 
calculating security protection consumption during a period of time. 

23 . The program of claim 2 1 , further comprising instructions for determining whether 
a blocked attack would have exploited network vulnerability. 

24. The program of claim 21, further comprising instructions for scanning one or 
more devices for vulnerabilities. 

25. The program of apparatus of claim 23, further comprising instructions for 
quantifying risk of one or more devices. 

26. The program of claim 2 1 , further comprising instructions blocking one or more 
attacks. 

27. The apparatus of claim 25, further comprising means for maintaining a list of 
attacks sustained and blocked during a period of time. 
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28. The program of claim 2 1 , wherein the computer-readable medium comprises one 
or more of a memory module, a disk, a device, and a propagated signal. 
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